Personal data and other information may be collected from Data subjects as well as information attained when registering to, and using, services and programs related to Ramtec Oy. Depending on the business activity, it is also possible that contact information is collected interactively e.g. in meetings or by phone. In addition, computerized data collection methods might be utilized. In addition to collecting contact information personally, data may also be collected from employers or from other persons providing services for Ramtec Oy.

Personal data may also be collected and updated from Data subjects of Ramtec Oy as well as from demographic registries, credit report registries, registries supplied by commercial marketing entities and other such private or public registries and sources.

Furthermore, in the course of participation in any business activity electronically, Ramtec Oy may automatically track certain information, such as IP address, the source of visit and type of web browser even prior to explicitly requesting any information.

5. Purpose of data collection and legal bases for the processing

The primary purpose of collecting and processing the Personal data of suppliers is the Business activity e.g. to make the related products and services available for a customer or for a supplier to Ramtec Oy, for relationship management and development, analysis, communication, marketing and business planning. The Personal data may be used for communication with suppliers, for instance, to make additional information related to products and/or services available. The information may contain advertising in the form of electronic direct marketing or equal. If direct marketing is included in the business activity, the related special safeguard requirements, including consistently providing the option to unsubscribe will be taken into account. Contact information may also be used for research and development purposes such as improving and developing IT systems and business processes.

The legal basis for such processing is the legitimate interest of Ramtec Oy to conduct its business, including but not limited to communicating with its suppliers and marketing its operations and products.

Should the Data subject choose not to provide its Personal data to Ramtec Oy, Ramtec Oy might not be able to conclude a contract or continue a contractual relationship with the business, association or company for which the Data subject is representative, or the Data subject might not be able to act as a contact person, of the business, association or company for which the Data subject is representative, in relation to Ramtec Oy.

6. Categories of Data subjects and Personal data and duration of storage

The Data subjects are all representatives of Ramtec Oy’s suppliers and potential suppliers.

The basic information consists typically of the Data subjects name, e-mail address, street address, country, telephone/mobile number and the name of the company (if applicable). In addition, other type of information that are necessary for the Business activity in question may also be collected.

Generally, to the extent permitted by applicable laws and regulations, the information is retained at most ten (10) years after the latest Business activity with the Data subject in question. Additionally, as the case may require, the retention of the information may be extended on the grounds of establishment, exercise or defense of legal claims, the execution of internal investigations or if required so by applicable legislation. This retention period is justified due to obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.

The registry may contain the following, detailed Personal data.

• First name, surname

• Contact address

• Country of residence

• Gender

• Date of birth

• Primary language

• Information related to customer and supplier relationship and appropriate related information such as

• Information related to service use (customer and supplier no, user names, passwords)

• Start date of customer or supplier relationship

• Information related to customer purchase history

• Information related to supplier sales history

• Services use (e.g. newsletter subscription)

• Returns, refunds and replacements

• Benefits, sales campaigns and their use

• Information related to invoicing and bill collection

• Customer and supplier contact and communication related to customer and supplier relationship and other appropriate relations (such as complaints and other feedback as well as customer and supplier services records)

• Information related to any activity and actions taking part in the website of Ramtec Oy

• Permission and prohibition of direct marketing

7. Disclosing Personal data

The Personal data is generally not disclosed to third parties. The Personal data may, however, be disclosed to subcontractors of Ramtec Oy for purposes of sales and marketing unless specifically prohibited by the Data subject. Furthermore, in some circumstances, information may have to be disclosed for legal reasons or if required by applicable legislation.

Due to technical and practical requirements, the Personal data may be processed in locations other than the country in which the data subject is situated, including locations outside the European Union or European Economic Area (incl. Switzerland). Therefore, countries to which the Personal data may be sent/accessed from may have a different standard of data protection than the country in which the Data subject is situated. However, in all such cases, the processing and transferring of the Personal data shall be carried out in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses) and Ramtec Oy’s data processing policies and instructions, including applying appropriate and suitable safeguards

8. Data protection

Databases containing Personal data are protected by firewalls, passwords and other technical means. Databases and their back-ups are located behind locked doors. Once the information is received, strict procedures and security features will be used to prevent unauthorized and illegal access, alteration and denial of use of the Personal data. All the used data security measures are appropriate and generally accepted. Ramtec Oy continuously follows the technical developments to make sure that its level of data protection is up to date.

Ramtec Oy’s website contains links to and from other websites. These websites are separate from Ramtec Oy’s website and operate under their own privacy policies. Ramtec Oy does not accept any responsibility or liability for these policies or the lack of them or the use of such websites.

Ramtec Oy uses, from time to time, ‘cookies’ which allow the recognition of an individual computer. Cookies typically enable collection of certain information regarding the individual computer, including internet protocol (IP) address, the computer’s operating system, type of browser type and the address of any referring sites. Cookies are intended to improve the availability and quality of the Business Activity. Ramtec Oy’s Cookie Statement explains the use of cookies in detail.

Manually handled files containing Personal data are also located behind locked doors without outside access. Ramtec Oy maintains that only those employees that require to do so in order to appropriately perform their employee duties have access to the Personal data.

9. Rights of Data subjects

Data subjects have the right to gain access and oversee what information and Personal data is held about them and to verify its accuracy. Requests to inspect any such information is to be provided in writing, signed and with proof of identity to the person responsible for the registry by contacting Ramtec Oy’s marketing (tel. +358 20 7424 530, e-mail. sales(at)ramtec.fi).

Data subjects have the right to ask for rectification or erasure of Personal data and under certain circumstances restrict the processing of the Personal data or to be forgotten by Ramtec Oy. Data subjects also have the right to object the processing of the Personal data and opt-out as a recipient of any marketing activities, including direct electronic marketing, direct sales and other related direct business actions as well polls and marketing research. Furthermore, Data subjects have the right to data portability, i.e. right to have Personal data provided by the Data subjects to be transmitted to another controller. Data subjects are always entitled to lodge a complaint with the competent supervisory authority.